Example #1
 /// <summary>
 /// Creates the settings root and instantiates its child settings groups.
 /// </summary>
 public GlobalSettings()
 {
     // Every child group is handed this instance as its first constructor argument.
     // The assignments stay in their original order because the child constructors
     // are not visible here and may read state set by an earlier line.
     this.BaseServiceUri = new BaseServiceUriSettings(this);

     // Both file-storage groups receive the same literal for their two string arguments.
     this.Attachment = new FileStorageSettings(this, "attachments", "attachments");
     this.Send = new FileStorageSettings(this, "attachments/send", "attachments/send");

     this.DataProtection = new DataProtectionSettings(this);
 }
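        /// <summary>
        /// Binds the <c>DataProtectionSettings</c> configuration section, builds a
        /// <see cref="SymmetricSecurityKey"/> from its <c>MasterKey</c> value and registers
        /// that key as <c>MasterSecurityKey</c> on the <see cref="DataProtectionSettings"/> options.
        /// </summary>
        /// <param name="services">Service collection that receives the options configuration.</param>
        /// <param name="configuration">Configuration containing the <c>DataProtectionSettings</c> section.</param>
        /// <returns>The value returned by <c>services.Configure</c>.</returns>
        /// <exception cref="ArgumentNullException">The bound <c>MasterKey</c> is null (setting absent).</exception>
        /// <exception cref="ArgumentException">The bound <c>MasterKey</c> is an empty string.</exception>
        public static IServiceCollection LoadMasterKey(this IServiceCollection services, IConfiguration configuration)
        {
            DataProtectionSettings settings = new DataProtectionSettings();

            configuration.GetSection(nameof(DataProtectionSettings)).Bind(settings);

            // Fail at startup with a message that names the missing setting instead of
            // surfacing an anonymous null-argument error from the encoder. The message
            // must never contain the key value itself.
            string missingKeyMessage =
                $"{nameof(DataProtectionSettings)}:{nameof(DataProtectionSettings.MasterKey)} is missing or empty; a master key must be configured.";

            if (settings.MasterKey == null)
            {
                throw new ArgumentNullException(nameof(configuration), missingKeyMessage);
            }

            if (settings.MasterKey.Length == 0)
            {
                throw new ArgumentException(missingKeyMessage, nameof(configuration));
            }

            // NOTE(review): the configured string is used directly as key material, so the key
            // is only as strong as that string; it should be a long random value delivered from
            // a secret store rather than a memorable passphrase.
            // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', which
            // silently weakens such keys. ASCII is kept here so that keys already in use keep
            // producing the same bytes; confirm deployed keys are ASCII-only before changing it.
            SymmetricSecurityKey masterSecurityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(settings.MasterKey));

            return services.Configure<DataProtectionSettings>(options =>
            {
                options.MasterSecurityKey = masterSecurityKey;
            });
        }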
Example #3
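        /// <summary>
        /// Registers data protection with the key ring persisted to Redis and protected with an
        /// X.509 certificate.
        /// </summary>
        /// <remarks>
        /// The Redis connection is attempted inside a retry-forever policy that handles only
        /// <c>RedisConnectionException</c>, so this call does not return until a connection
        /// succeeds. Any other exception propagates to the caller.
        /// </remarks>
        /// <param name="services">Service collection to register data protection on.</param>
        /// <param name="action">Callback that populates a new <see cref="DataProtectionSettings"/> instance.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        /// <exception cref="WebApiException">
        /// Declared by the original documentation; nothing in this method throws it directly.
        /// Presumably raised by the certificate lookup helper - confirm.
        /// </exception>
        public static IServiceCollection AddDataProtectionWithCertInRedis(this IServiceCollection services, Action <DataProtectionSettings> action)
        {
            DataProtectionSettings dataProtectionSettings = new DataProtectionSettings();

            action(dataProtectionSettings);

            // Redis key that holds the key ring; scoped by application name and environment.
            string redisKey = $"{dataProtectionSettings.ApplicationName}_{EnvironmentUtil.AspNetCoreEnvironment}_dpk";

            // Certificate used to encrypt the key ring before it is written to Redis.
            X509Certificate2 certificate2 = CertificateUtil.GetCertificateFromSubjectOrFile(
                dataProtectionSettings.CertificateSubject,
                dataProtectionSettings.CertificateFileName,
                dataProtectionSettings.CertificateFilePassword);

            ConfigurationOptions redisConfigurationOptions = ConfigurationOptions.Parse(dataProtectionSettings.RedisConnectString);

            // The key-ring connection never needs administrative Redis commands.
            redisConfigurationOptions.AllowAdmin = false;

            // A Redis connection string can carry the server password. Only the
            // password-redacted rendering may reach the log sink, never the raw string.
            string redactedRedisConfiguration = redisConfigurationOptions.ToString(includePassword: false);

            Policy
            .Handle <RedisConnectionException>()
            .WaitAndRetryForever(
                // Back-off grows linearly with the attempt number: 5 + 2 * count seconds.
                count => TimeSpan.FromSeconds(5 + count * 2),
                (exception, retryCount, timeSpan) =>
            {
                Log.Fatal(
                    exception,
                    $"DataProtection : Try {retryCount}th times. Wait For {timeSpan.TotalSeconds} seconds. Redis Can not connect {redactedRedisConfiguration} : {redisKey};"
                    );
            })
            .Execute(() =>
            {
                // Connect first: when this throws, nothing has been registered yet, so a
                // retry does not register data protection twice.
                ConnectionMultiplexer redisMultiplexer = ConnectionMultiplexer.Connect(redisConfigurationOptions);

                services
                .AddDataProtection()
                .SetApplicationName(dataProtectionSettings.ApplicationName)
                .ProtectKeysWithCertificate(certificate2)
                .PersistKeysToStackExchangeRedis(redisMultiplexer, redisKey);
            });

            return services;
        }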
        /// <summary>
        /// Registers data protection with the key ring persisted to Azure Blob Storage when the
        /// data-protection settings are enabled, optionally protecting the keys with Azure Key Vault.
        /// </summary>
        /// <param name="services">Service collection to register data protection on.</param>
        /// <param name="configuration">Configuration used to build the data-protection and key-vault settings.</param>
        /// <returns>
        /// The builder's service collection when data protection is enabled; otherwise
        /// <paramref name="services"/> unchanged.
        /// </returns>
        public static IServiceCollection AddDataProtection(this IServiceCollection services, IConfiguration configuration)
        {
            DataProtectionSettings blobSettings = new DataProtectionSettings(configuration);

            // Nothing to register when the feature is switched off.
            if (!blobSettings.Enabled)
            {
                return services;
            }

            // NOTE(review): the blob URI carries a SAS token, i.e. it is a credential; keep it
            // out of logs and exception messages.
            var builder = services.AddDataProtection();
            var persisted = builder.PersistKeysToAzureBlobStorage(blobSettings.BlobUriWithSas);

            // NOTE(review): when Key Vault is disabled this method configures no key
            // protection at all; confirm whether the key ring is then written to blob
            // storage unencrypted and whether that is acceptable.
            KeyVaultSettings keyVault = new KeyVaultSettings(configuration);
            if (keyVault.Enabled)
            {
                persisted.ProtectKeysWithAzureKeyVault(
                    blobSettings.VaultKeyIdentifier,
                    keyVault.ClientId,
                    keyVault.ClientSecret);
            }

            return persisted.Services;
        }
Example #5
 /// <summary>
 /// Creates the provider and stores the resolved <see cref="DataProtectionSettings"/> options value.
 /// </summary>
 /// <param name="dataProtectionSettingsAccessor">Options accessor whose <c>Value</c> is read once, here.</param>
 public MasterKeyProvider(IOptions <DataProtectionSettings> dataProtectionSettingsAccessor) =>
     // NOTE(review): the stored settings object presumably carries the master key material;
     // avoid logging or serializing it - confirm against the settings type.
     _dataProtectionSettings = dataProtectionSettingsAccessor.Value;